Comment by palata
3 days ago
> It's still a large security hole though!
May I ask how it is a large security hole and how it is larger than the "Ctrl+C" clipboard? Genuinely interested.
3 days ago
> It's still a large security hole though!
May I ask how it is a large security hole and how it is larger than the "Ctrl+C" clipboard? Genuinely interested.
A web page with Javascript can see & send off something you paste into a text box as soon as it appears. So if you accidentally paste some confidential information, like a password, that's a security hole even if you notice and delete it straight away. This happens even for totally innocent reasons, like search-as-you-type.
Ctrl-C/Ctrl-V copy and paste is not such a big issue because far more people are familiar with it, and it requires more deliberate actions on both sides (copying and pasting). So you're less likely to accidentally copy something around that you didn't mean to.
Wouldn't website paste it from clipboard and not primary selection (X11 have those separate) ?
> So if you accidentally paste some confidential information
So nothing like a "large security hole" that needs to be fixed, right?
I mean at this point, "SSH is a large security hole because people may enter their password while someone looks at their keyboard". I wouldn't consider that a reason to remove SSH.
So you would still need to paste deliberately.
So it's not really a security hole as much as knowing your passwords and muttering them in your sleep is one.